spf record

I have a client who has a domain name registered with their registrant,

has their own on-prem exchange server

and a website hosted by a 3rd party.

The website also creates emails when someone makes an online inquiry/feedback.

Today I tried to get the SPF record edited by the registrant, to include the website hosting providers domain and had what equates to an argument via chat over what is/isn't possible. So I'm here in the court of Experts Exchange to see what your thoughts are.

as you wrote, it is possible to create SPF record of that type.
Question is, why are you making that modification?

When someone makes online inquiry, is mail going to be directed to exchange or is it sent to some other mail server? If it is sent to exchange, then you should create additional receive connector, that is going to accept connection from that provider and problem solved. Or if mail is send via some account, that is authenticated, then there should be no need to do anything. Just point to exchange.

You need SPF to help other mail servers identify if mail sent to them, sent from your mail servers. If you are sending mail to your exchange, from website, then you don't need to modify it.

Your SPF record has a 256 character limit, and the current value belowonly uses 32 characters so you're good for now:

v=spf1 ip4:222.222.222.222 -all

You need to work with the web host and gather all WAN IPs they will use to send email on your behalf. This can include a CIDR range, ie 222.222.222.0/24. Your SPF record can also include recursive records which you demonstrated in your initial post with:

One last thing. If you do ever get yourself into a situation where you're approaching the 256 character limit, just nest an SPF record inside your SPF record. Check out the SPF record for microsoft.com:

I tried the kitterman spf test with the correct IP address and syntax and it passes

v=spf1 ip4:203.45.234.155 include:worldsecuresystems.com -all

As an FYI about the config, some other factors

The client does use a cloud spam filtering service which is looking for spf's to refine the filtering accuracy

The website developer tells me he cant modify any of the config of the website feedback/inquiry mechanism (not sure how factual this is - not my forte) except the recipient email address for the email it generates

He cant point the emails generated by feedback/inquiry at the IP or FQDN for the domain, making it important that we get the spf correct to ensure the emails get thru the filter and not treated as spoofed.

Featured Post

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center.
Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center.
Navigate to the Recipients >>…